12-08-2013 07:04 AM - edited 03-07-2019 04:58 PM
Hi All
we currently run our LAN on a 192.168.2.x 255.255.255.0 network. We separated our wireless access points to run off 192.168.3.x network. The WAPs give out dhcp fine, but gets no internet or internal connection.
How do we make the .3.x wlan connect to the .2.x lan and get internet and connect to internal resources?
Im new to cisco so please be patient!
Thanks!
12-08-2013 08:05 AM
The wireless clients should be on a separate vlan. The data clients are probably on your native vlan. (Maybe you could post the config.) If the data clients are getting to the internet, but the wireless clients aren't, it's probably got something to do with either routing or nat.
Is dhcp on a router/switch or a server?
HTH,
John
*** Please rate all useful posts ***
12-08-2013 08:40 AM
the WAN goes into a 891 switch (config is below) which connects to a 3000 switch with both wired and wireless clients. The wireless is on a different vlan(we named vlan 10), and gets dhcp fine, so i think problem is we need to connect the two vlans somehow?
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
!
!
!
aaa session-id common
!
!
!
!
crypto pki trustpoint TP-self-signed-298659689
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-298659689
revocation-check none
rsakeypair TP-self-signed-298659689
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.2.200 192.168.2.254
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.10
ip dhcp excluded-address 192.168.2.200
ip dhcp excluded-address 192.168.2.254
!
ip dhcp pool 0
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.1 192.168.2.1
lease infinite
!
ip dhcp pool 10
network 192.168.3.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.1
!
!
!
!
!
interface Loopback0
no ip address
!
!
interface FastEthernet0
switchport mode trunk
duplex full
speed 100
!
!
interface FastEthernet1
shutdown
!
!
interface FastEthernet2
shutdown
!
!
interface FastEthernet3
shutdown
!
!
interface FastEthernet4
shutdown
!
!
interface FastEthernet5
shutdown
!
!
interface FastEthernet6
shutdown
!
!
interface FastEthernet7
shutdown
!
!
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$
bandwidth 1800
bandwidth receive 13000
ip address 192.168.0.254 255.255.255.0
ip access-group 103 in
ip nat enable
ip tcp adjust-mss 1452
duplex full
speed 100
priority-group 5
crypto map ipsec-rackspace
!
!
interface Virtual-Template1
ip unnumbered Vlan1
ip access-group 104 in
ip access-group 104 out
ip nat enable
peer default ip address pool defaultpool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 192.168.2.1 255.255.255.0
ip access-group 102 in
ip access-group 102 out
ip flow ingress
ip nat enable
ip tcp adjust-mss 1452
!
!
interface Vlan10
description $WI-FI VLAN 1$
ip address 192.168.3.1 255.255.255.0
ip access-group 123 in
ip access-group 123 out
ip flow ingress
ip nat inside
ip nat enable
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Async1
no ip address
encapsulation slip
!
!
!
router eigrp 1
network 192.168.2.0
network 192.168.3.0
!
ip local pool defaultpool 10.0.2.1 10.0.2.255
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
12-08-2013 08:08 AM
Do you have the SVI created on core for the inter-vlan routing?
12-08-2013 08:41 AM
no idea, the config is above?
12-08-2013 10:47 AM
Hi Kyle,
ip dhcp pool 10
network 192.168.3.0 255.255.255.0default-router 192.168.2.1
dns-server 192.168.2.1
!
the default-gateway for the clients in the 192.168.3.0/24 network should be 192.168.3.1
HTH
Rolf
12-08-2013 11:01 AM
ok bwhat about DNS?
if i change the GW to .3.1 will that be able to connect to internet then?
thanks for this, not very experienced!
12-08-2013 11:15 AM
With a new DHCP lease, a wireless client now should be able to reach it's default gateway (ping 192.168.3.1).
I'd expect that that 192.168.2.1 is be reachalbe too, so DNS should work as well.
If the wireless client can ping 192.168.2.1, you can test DNS with "nslookup www.cisco.com".
12-08-2013 11:49 AM
would 192.168.2.1 (the 891) be reachable from a .3.1 client though?
If not, what should i check for?
12-08-2013 12:27 PM
Perhaps we should have a look at the access-lists.
Could you post the outputs of
12-08-2013 12:45 PM
Extended IP access list 102
10 permit tcp any any eq www log (4655378 matches)
20 permit tcp any eq www any log (5026056 matches)
30 permit tcp any any eq domain log
40 permit tcp any eq domain any log
50 permit ip any any (3654644 matches)
ciscorouter#show access-list 123
Extended IP access list 123
10 permit tcp any any eq www (167 matches)
20 permit tcp any any eq domain
30 permit udp any any eq domain (49 matches)
40 permit ip any host 192.168.2.205
50 permit ip any host 192.168.2.250 (35 matches)
60 permit ip any host 192.168.2.241
70 permit ip any host 192.168.2.204 (14 matches)
80 permit ip any host 192.168.2.248 (8 matches)
90 permit ip any host 192.168.2.228
100 permit ip any host 192.168.2.229
110 permit ip any host 192.168.2.247 (9 matches)
120 permit ip any host 192.168.2.251
130 permit ip any host 192.168.2.252
140 permit ip any host 192.168.2.202
150 permit ip any any (2111 matches)
Edit: i should also say that when connecting to wirelss, it assigns 192.168.3.x addresses fine, but cant connect to internet or network resources. I presume because they are all on 192.168.2.x network?
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide